CLAIMS

What is Claimed is: 
1. A system for providing a firewall to a communication device, said
system comprising:

a first device comprising a hardware implemented firewall, said first
device coupled to a host device that is coupled to said communication device
for establishing a connection to a network;

logic residing in said system to allow said communication device to
establish a connection to the network provided said first device is in said
system; and

said system configured to cause data transferred by the
communication device to be processed by said firewall.

2. The system of Claim 1, further comprising: 
logic for checking integrity of software components in said system. 

3. The system of Claim 2, further comprising:
a server for providing policies to be used by said firewall; and
said first device further comprises stored values to access said server
to receive the policies.

4. The system of Claim 1, further comprising:
a server for providing policies to be used by said firewall; and
said first device operable to access said server to receive the policies.



5. The system of Claim 4, wherein
said system further comprises a plurality of nodes having a
hardware implemented firewall; and wherein
said server is further operable to transfer the policies to said plurality
of nodes, wherein said system comprises a centrally managed network
having nodes with hardware implemented firewalls.

6. The system of Claim 1, wherein said logic to allow said system to
establish a connection to the network comprises a hardware implemented
token.



7. The system of Claim 1, further comprising a third device having
stored thereon data needed to establish the connection to the network, said
third device coupled to said first device, wherein said logic to allow said
system to establish the connection is operable to access said data to assure
said first device must be in said system to establish said connection to the
network via the communication device.



8. The system of Claim 1, further comprising:
an alert log for logging possible breaches detected by said system.

9. The system of Claim 8, further comprising:
a configuration integrity checker for checking integrity of software
components in said system, wherein said possible breach is detected by said
configuration integrity checker.



10. The system of Claim 1, further comprising:
logic for preventing login of the host device unless said first device
coupled to the host device.

11. The system of Claim 1, wherein said configuration integrity checker
checks the integrity of software components residing in said host device.

12. The system of Claim 1, wherein said first device is physically coupled
to the communication device, wherein the data transferred by the
communication device to the network is processed by said firewall before it
is transferred into the network, and the data transferred from the network
to the communication device passes through said firewall before it reaches
the host device.



13. The system of Claim 12, wherein said physical connection is of the
same medium as the network connection.

14. The system of Claim 12, wherein said physical connection comprises
an MPCI (Mini Peripheral Component Interconnect) adapter to couple said
first device to the communication device.

15. The system of Claim 1, wherein said system further comprises a
software driver in the host device, said driver operable to pass data that is
received by the communication device to said first device to be processed by
said firewall.



16. The system of Claim 15, wherein said software driver is further
operable to pass data which is to be transferred by the communication
device over the network to said first device to be processed by said firewall.

17. The system of Claim 1, further comprising a software component
installed above a driver for the communication device, said software
component operable to route data for the communication device to said first
device.

18. The system of Claim 17, wherein said software component is a shim
that resides above a miniport driver.



19. The system of Claim 1, further comprising a software component
installed below a driver for the communication device, said software
component operable to route data for the communication device to said first
device.

20. The system of Claim 1, further comprising:
transfer security logic residing on said first device, said transfer
security logic for securely transferring data between said first device and a
server in the network.



21. The system of Claim 1, further comprising: 

a configuration integrity checker for checking integrity of software 
components in said system; 

an alert log for logging possible security breaches detected by said 
system; and 

a server for providing policies to be used by said firewall.



22. A method of providing security in a network having a
communication interface device that makes a network connection without a
firewall, said method comprising:

a) allowing a connection to said network to be established when using
said communication interface device only if a firewall device comprising a
hardware implemented firewall is coupled to a host device;

b) receiving data from said network over said connection established via
said communication interface device;

c) processing said data with said hardware implemented firewall;
and

d) transferring said data to said host device, wherein said data is
processed by said hardware implemented firewall



23. The method of Claim 22, further comprising said host device routing
said data to said firewall device to be processed by said hardware
implemented firewall, said routing taking place at a physical layer in said
data stack.



24. The method of Claim 22, further comprising:
e) sending policies to said firewall device, wherein the operation of
said hardware implemented firewall is modified.



25. The method of Claim 22, further comprising: 

e) performing a configuration integrity check of a software 
component on said host device 



26. The method of Claim 25, wherein said configuration integrity check
is performed before said network connection is allowed in a), wherein said
connection is allowed only if said configuration integrity check passes.



27. The method of Claim 25, wherein e) comprises performing said
configuration integrity check by performing a hash on said software
component to produce a hash value and comparing said hash value with a
stored hash value.



28. The method of Claim 27, wherein said stored hash value resides on
said firewall device.

29. The method of Claim 27, further comprising:

f) sending an alert if said configuration integrity check fails. 

30. The method of Claim 29, further comprising: 

g) storing an alert if said configuration integrity check fails.

31. The method of Claim 22, further comprising: 

e) swapping resource spaces in said host device that are reserved for
said communication interface device and said firewall device, wherein said
host device treats said communication interface device as said firewall
device and vice versa; and

f) said communication interface device transferring data received
from said network in b) to said firewall device, wherein said firewall device
processes said data with said hardware implemented firewall.

32. The method of Claim 22, further comprising: 

e) transferring data to be transferred over said network by said
communication interface device to said firewall device; and

f) processing said data with said hardware implemented firewall,
wherein said data is processed by said hardware implemented firewall
before it is transferred over said network connection established via said
communication interface device.



33. The method of Claim 32, wherein said e) comprises said host device
routing said data to said firewall device before it is sent to said 
communication interface device, said routing taking place at a physical 
layer in said data stack. 



3COM-3828.MCD.US.P JPW/RMP 




34. The method of Claim 22, further comprising:

e) performing a configuration integrity check of a software
component on said host device; and

f) sending policies to said firewall device, wherein the operation of
said hardware implemented firewall is modified.



35. The method of Claim 34, further comprising:
g) sending an alert if said configuration integrity check fails.

36. A firewall device for providing a hardware implemented firewall to a
device for establishing a network connection, said device comprising:

a hardware implemented firewall;

a data interface for receiving and sending data;

first logic for allowing said network connection to be established
using said device if said firewall device is coupled to said device.

37. The firewall device of Claim 36, further comprising:

logic for performing a configuration integrity check of software
components, said logic operable to produce a numeric value that results
from said check;

a stored value for each software component to be checked for
integrity; and

logic to compare said produced value with said stored value.

38. The firewall device of Claim 36, wherein said first logic comprises
stored values to be used in an authentication process during establishment
of said network connection.
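
The configuration integrity check recited in claims 25 to 30 and 37 can be illustrated with a short Python sketch, added here as an example and not part of the patent text. The class and function names, the component names, and the choice of SHA-256 are assumptions; the claims say only "a hash".

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class FirewallDevice:
    """Hypothetical model of the firewall device: it holds the stored hash
    values (claim 28) and the alert log (claims 8 and 30)."""
    stored_hashes: dict                      # component name -> hex digest
    alert_log: list = field(default_factory=list)

    def check_component(self, name: str, image: bytes) -> bool:
        """Claim 27: hash the component and compare with the stored value."""
        produced = hashlib.sha256(image).hexdigest()   # SHA-256 is an assumption
        expected = self.stored_hashes.get(name)
        ok = expected is not None and hmac.compare_digest(produced, expected)
        if not ok:                                     # claims 29/30: store an alert
            self.alert_log.append({"component": name, "reason": "hash mismatch"
                                   if expected else "no stored value"})
        return ok

    def allow_connection(self, host_components: dict, coupled: bool = True) -> bool:
        """Claims 22 a) and 26: connect only if the device is coupled and every
        check passes. All components are checked so each failure is logged."""
        if not coupled:
            return False
        results = [self.check_component(n, img) for n, img in host_components.items()]
        for name in self.stored_hashes.keys() - host_components.keys():
            self.alert_log.append({"component": name, "reason": "missing on host"})
            results.append(False)
        return all(results)


# Constructed sample component images; names and contents are illustrative.
DRIVER = b"constructed sample: communication device driver"
SHIM = b"constructed sample: shim above the miniport driver"


def demo():
    fw = FirewallDevice({"driver": hashlib.sha256(DRIVER).hexdigest(),
                         "shim": hashlib.sha256(SHIM).hexdigest()})
    clean = fw.allow_connection({"driver": DRIVER, "shim": SHIM})
    tampered = fw.allow_connection({"driver": DRIVER + b"\x00", "shim": SHIM})
    missing = fw.allow_connection({"driver": DRIVER})
    return clean, tampered, missing, fw.alert_log


if __name__ == "__main__":
    print(demo())
```

The sketch treats a component that has a stored value but is absent from the host as a failed check, which the claims do not address either way.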